Programming with OpenSSL and libcrypto in examples
BurgasLab, Burgas
April, 2014
Shteryana Shopova, [email protected]
secured communications
the need for secured communications
World War II Enigma cipher machine
bank transfers
private data (drunk pictures from that party, etc)
crypto-what?
what is SSL/TLS
OpenSSL and libcrypto
alternatives
Apple's libsecurity_ssl
PolarSSL (used by OpenVPN)
full list
● http://en.wikipedia.org/wiki/Comparison_of_TLS_implementations
● http+ssh:// ?
● LibreSSL - OpenBSD's OpenSSL fork
concepts in cryptography
plaintext/ciphertext
block ciphers vs stream ciphers
symmetric cryptography
public key cryptography
hash function
digital signature
message authentication code
digital certificates
security algorithms
hash functions – MD5, SHA1
authentication codes – HMAC
cryptographic algorithms
symmetric – Blowfish, DES, AES
public key – DSA/RSA
key agreement algorithms – Diffie-Hellman
public key infrastructure
contents of an X.509 certificate
what is SSL/TLS
cryptographic protocols, designed to provide communication security over an unsecured network
provide connection security by
privacy – encrypt connection
authentication – prove identity through certificates
reliability – maintenance of secure connection through message integrity checking
how SSL works
four protocol layers
record layer – formats messages, incl. generated HMAC at the end
ChangeCipherSpec protocol layer – one message that signals the beginning of secure communication
alert protocol – sends errors, problems or warnings about the connection
handshake protocol – establish a handshake that begins secure connection
how SSL works (2)
SSL handshake
SSL handshake, 2-way authentication
before we start programming
Learn to code C
properly !!!
good programming practices
clear design
coding style (indentation matters too!)
compiler warnings
code versioning systems
code reviews
static code analyzers
unit testing
fuzz testing
automation testing
documentation
good C coding practices
input validation
bounds checking
string manipulation
initialize data
sanitize output
proper cleanup
error checking
principle of least privilege and privilege separation
keep it simple
...
good C coding practices (2)
Build a habit of applying those!
All of them!
Always!
Apple's gotofail bug
● http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c
Apple's gotofail bug (2)
OpenSSL's heartbleed
OpenSSL's heartbleed (2)
● http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=4817504
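The bounds check that Heartbleed turned on, shown on the RFC 6520 heartbeat message layout (the RFC is in the references). This is an added example written for this transcript, not code from OpenSSL or from the talk; hb_reply, hb_demo and the sample bytes are constructed, and the unchecked path only reads inside the demo's own 64-byte buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST   1   /* RFC 6520 heartbeat_request */
#define HB_RESPONSE  2   /* RFC 6520 heartbeat_response */
#define HB_HDR_LEN   3   /* 1 byte type + 2 bytes payload_length */
#define HB_MIN_PAD   16  /* RFC 6520: at least 16 bytes of padding */

/* Echo the payload back; returns the reply length, 0 = silently discard.
 * check_len == 0 models the missing check: the length field is trusted.
 * The reply's own padding is left out to keep the model short. */
static size_t
hb_reply(const uint8_t *rec, size_t rec_len, int check_len,
    uint8_t *out, size_t out_len)
{
    size_t payload;

    if (rec == NULL || out == NULL || rec_len < HB_HDR_LEN)
        return (0);
    payload = ((size_t)rec[1] << 8) | rec[2];
    if (check_len) {
        /* too short to hold the header plus minimum padding */
        if (rec_len < HB_HDR_LEN + HB_MIN_PAD)
            return (0);
        /* claimed payload must fit in what was actually received */
        if (HB_HDR_LEN + payload + HB_MIN_PAD > rec_len)
            return (0);
    }
    if (rec[0] != HB_REQUEST || HB_HDR_LEN + payload > out_len)
        return (0);
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HDR_LEN, rec + HB_HDR_LEN, payload);
    return (HB_HDR_LEN + payload);
}

/* Constructed sample: a 23-byte record ("ping" + 16 bytes of padding)
 * placed in a 64-byte region whose remaining bytes hold unrelated data. */
static size_t
hb_demo(uint16_t claimed, int check_len, uint8_t *out, size_t out_len)
{
    uint8_t mem[64];
    const size_t rec_len = HB_HDR_LEN + 4 + HB_MIN_PAD;

    memset(mem, 0, sizeof(mem));
    mem[0] = HB_REQUEST;
    mem[1] = (uint8_t)(claimed >> 8);
    mem[2] = (uint8_t)(claimed & 0xff);
    memcpy(mem + HB_HDR_LEN, "ping", 4);
    memcpy(mem + rec_len, "ADJACENT-DATA", 13);
    return (hb_reply(mem, rec_len, check_len, out, out_len));
}

int
main(void)
{
    uint8_t out[64];

    printf("honest, checked:   %zu\n", hb_demo(4, 1, out, sizeof(out)));
    printf("oversize, checked: %zu\n", hb_demo(32, 1, out, sizeof(out)));
    printf("oversize, trusted: %zu\n", hb_demo(32, 0, out, sizeof(out)));
    printf("bytes past record: %.8s\n", (const char *)out + 23);
    return (0);
}
```

With the check enabled, the record that claims 32 payload bytes but carries 4 is dropped; without it, the reply includes bytes that were never part of the record.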
OpenSSL's heartbleed (3)
“First, I have yet to see a SSL library where the source code is not a nightmare.” Poul-Henning Kamp, 2011-02-15
“It is, bar none, the worst library I have ever worked with. I can not believe that the internet is running on such a ridiculous complex and gratuitously stupid piece of code.” Marco Peereboom, 2009
“"Catastrophic" is the right word. On the scale of 1 to 10, this is an 11.” Bruce Schneier, 2014-04-09
“OpenSSL is not developed by a responsible team.” Theo de Raadt, 2014-04-08
OpenSSL's heartbleed (4)
“I'm writing this on the third day after the "Heartbleed" bug in OpenSSL devastated internet security, and while I have been very critical of the OpenSSL source code since I first saw it, I have nothing but admiration for the OpenSSL crew and their effort. In particular considering what they're paid for it. … But software is written by people, real people with kids, cars, mortgages, leaky roofs, sick pets, infirm parents and all other kinds of perfectly normal worries of an adult human being.” Poul-Henning Kamp, 2014-04-11
test! test! test!
● "Every time I think “this change is so simple, it doesn't need any tests,” it breaks in some horrible, unpredictable way. EVERY. TIME." Mislav Marohnić, 21-12-2013
Debian Random generator bug, 2008
Know what your code is doing
OpenSSL architecture
OpenSSL command-line interface
generating message digest/HMAC
syrinx:demetra:/openssl dgst -md5 openssl-verify-certs.png
MD5(openssl-verify-certs.png)= 6d3d806d8b178d1a753ed6786fe51ffd
syrinx:demetra:/openssl dgst -sha1 openssl-verify-certs.png
SHA1(openssl-verify-certs.png)= dbf8ff0ea8f6b41b9022d31b0eb3ce68709b325f
syrinx:demetra:/openssl dgst -sha1 -hmac 'burgaslab' openssl-verify-certs.png
HMAC-SHA1(openssl-verify-certs.png)= 6eb5396d098a68022d47e18f0a3c153d53847dd2
syrinx:demetra:/
encryption/decryption
syrinx:demetra:/echo "This is plaintext!" > plaintext.txt
syrinx:demetra:/openssl enc -e -aes-256-cbc -in plaintext.txt -out plaintext.bin
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
syrinx:demetra:/openssl enc -d -aes-256-cbc -in plaintext.bin -out plaintext2.txt
enter aes-256-cbc decryption password:
syrinx:demetra:/cat plaintext2.txt
This is plaintext!
syrinx:demetra:/openssl enc -d -aes-256-cbc -in plaintext.bin -out plaintext2.txt
enter aes-256-cbc decryption password:
bad decrypt
34379021208:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:/usr/home/syrinx/freebsd-current-20131115-01/head/secure/lib/libcrypto/../../../crypto/openssl/crypto/evp/evp_enc.c:546:
syrinx:demetra:/
syrinx:demetra:/openssl base64 -e -aes-256-cbc -in plaintext.bin -out plaintext.asc
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:
syrinx:demetra:/cat plaintext.asc
U2FsdGVkX1/Eg+RX++d7VhWEAI8HgyP7WpR341iOnxadwVlSzsvzy4ef2XKydpzU8SWpieTUOLE7TKJiI3N8ICzlqlh+H6pgK/95KsDPUkU=
OpenSSL programming – encrypt/decrypt

    EVP_CIPHER_CTX *ctx;    /* heap-allocated: the struct is opaque since OpenSSL 1.1.0 */
    int finl = 0;           /* bytes written by the Final call */

    /* NOTE: the IV is copied from the key, so it is identical for every message
     * under that key; a fresh random IV per message is the safe pattern. */
    memcpy(iv, keyb, ENC_AES_IV_SIZ);
    if ((ctx = EVP_CIPHER_CTX_new()) == NULL) {
        error = EX_SOFTWARE;
        goto cleanup;
    }
    if (decrypt == 0) {
        if (EVP_EncryptInit(ctx, EVP_aes_128_cfb128(), keyb, iv) != 1) {
            error = EX_DATAERR;
            goto cleanup;
        }
        /* Final gets its own length so that outl is not overwritten */
        if (EVP_EncryptUpdate(ctx, outb, &outl, inb, inl) != 1 ||
            EVP_EncryptFinal(ctx, outb + outl, &finl) != 1)
            error = EX_DATAERR;
    } else {
        if (EVP_DecryptInit(ctx, EVP_aes_128_cfb128(), keyb, iv) != 1 ||
            EVP_CIPHER_CTX_set_padding(ctx, 0) != 1) {
            error = EX_DATAERR;
            goto cleanup;
        }
        if (EVP_DecryptUpdate(ctx, outb, &outl, inb, inl) != 1 ||
            EVP_DecryptFinal(ctx, outb + outl, &finl) != 1)
            error = EX_DATAERR;
    }
    outl += finl;           /* total output length */
cleanup:
    EVP_CIPHER_CTX_free(ctx);   /* accepts NULL */
OpenSSL programming – create keys
create CA cert, server & client certificate request/keys, sign csr
OpenSSL – create keys(2)
OpenSSL – test certificates
different Common Names
setting up an unsecured connection

    BIO *bio;
    int x;

    if ((bio = BIO_new_connect("hostname:port")) == NULL ||
        BIO_do_connect(bio) <= 0) {
        /* Handle failed connection */
    }

    if ((x = BIO_read(bio, buf, len)) <= 0) {
        /* Handle error/closed connection */
    }

    BIO_reset(bio);     /* reuse the connection */
    BIO_free_all(bio);  /* cleanup */
setting up a secured connection

    SSL_CTX *ctx;
    SSL *ssl;
    BIO *bio;

    if ((ctx = SSL_CTX_new(SSLv23_client_method())) == NULL)
        err(1, "SSL_CTX_new()");

    /* SSL_CTX_load_verify_locations() returns 1 on success */
    if (SSL_CTX_load_verify_locations(ctx, "/path/to/TrustStore.pem", NULL) != 1) {
        /* Handle failed load here */
        SSL_CTX_free(ctx);
    }

    if ((bio = BIO_new_ssl_connect(ctx)) == NULL) {
        SSL_CTX_free(ctx);
        err(1, "BIO_new_ssl_connect()");
    }
    BIO_get_ssl(bio, &ssl);
    SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);

    /* Attempt to connect */
    BIO_set_conn_hostname(bio, "hostname:port");

    /* Verify the connection opened and perform the handshake */
    /* (this validates the chain only; the certificate name is not compared with the hostname) */
    if (BIO_do_connect(bio) <= 0 || SSL_get_verify_result(ssl) != X509_V_OK) {
        BIO_free_all(bio);
        SSL_CTX_free(ctx);
        err(1, "BIO_do_connect()/SSL_get_verify_result()");
    }

    BIO_free_all(bio);
    SSL_CTX_free(ctx);
error detection & reporting
printf("Error: %s\n", ERR_reason_error_string(ERR_get_error()));
ERR_print_errors_fp(FILE *);
ERR_print_errors(BIO *);
CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); /* XXX: really needed? */
(void)SSL_library_init();
SSL_load_error_strings();
/* SSL_get_error() returns an SSL_ERROR_* code, not an error-queue value */
printf("SSL error code: %d\n", SSL_get_error(ssl, err));
ERR_print_errors_fp(stderr);
OpenSSL – server example

    SSL_load_error_strings();
    OpenSSL_add_ssl_algorithms();

    if ((ctx = SSL_CTX_new(SSLv23_server_method())) == NULL)
        fatalx("ctx");
    if (!SSL_CTX_load_verify_locations(ctx, SSL_CA_CRT, NULL))
        fatalx("verify");
    SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(SSL_CA_CRT));
    if (!SSL_CTX_use_certificate_file(ctx, SSL_SERVER_CRT, SSL_FILETYPE_PEM))
        fatalx("cert");
    if (!SSL_CTX_use_PrivateKey_file(ctx, SSL_SERVER_KEY, SSL_FILETYPE_PEM))
        fatalx("key");
    if (!SSL_CTX_check_private_key(ctx))
        fatalx("cert/key");
    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
    /* require a client certificate: 2-way authentication */
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);
    SSL_CTX_set_verify_depth(ctx, 1);

    /* setup socket – socket()/bind()/listen() */

    for (; work != 0;) {
        if ((s = accept(sock, 0, 0)) == -1)
            err(EX_OSERR, "accept");
        sbio = BIO_new_socket(s, BIO_NOCLOSE);
        ssl = SSL_new(ctx);
        SSL_set_bio(ssl, sbio, sbio);
        /* SSL_accept() returns <= 0 when the handshake did not complete */
        if ((r = SSL_accept(ssl)) <= 0)
            warn("SSL_accept");
    }
OpenSSL – client example

    SSL_load_error_strings();
    OpenSSL_add_ssl_algorithms();
    if ((ctx = SSL_CTX_new(SSLv23_client_method())) == NULL)
        fatalx("ctx");
    if (!SSL_CTX_load_verify_locations(ctx, SSL_CA_CRT, NULL))
        fatalx("verify");
    if (!SSL_CTX_use_certificate_file(ctx, SSL_CLIENT_CRT, SSL_FILETYPE_PEM))
        fatalx("cert");
    if (!SSL_CTX_use_PrivateKey_file(ctx, SSL_CLIENT_KEY, SSL_FILETYPE_PEM))
        fatalx("key");
    if (!SSL_CTX_check_private_key(ctx))
        fatalx("cert/key");
    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
    SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
    SSL_CTX_set_verify_depth(ctx, 1);

    /* setup connection */
    /* gethostbyname() reports failures through h_errno, not errno */
    if ((hp = gethostbyname("localhost")) == NULL)
        errx(EX_OSERR, "gethostbyname: %s", hstrerror(h_errno));
    /* init socket – socket()/connect() */

    /* go do ssl magic */
    ssl = SSL_new(ctx);
    sbio = BIO_new_socket(sock, BIO_NOCLOSE);
    SSL_set_bio(ssl, sbio, sbio);
    if (SSL_connect(ssl) <= 0)
        fatalx("SSL_connect");
    if (SSL_get_verify_result(ssl) != X509_V_OK)
        fatalx("cert");
    printf("connected to server!\n");

    /* SSL_set_bio() handed sbio to ssl, so SSL_free() releases it as well;
     * a separate BIO_free_all(sbio) here would free it twice */
    SSL_free(ssl);
    close(sock);        /* BIO_NOCLOSE leaves the socket to the caller */
    SSL_CTX_free(ctx);
compiling and running the code
http://people.freebsd.org/~syrinx/presentations/openssl/
download, untar & make
needs libbsd for Linux/Ubuntu
references
https://www.openssl.org/
http://www.libressl.org/
http://www.ietf.org/rfc/rfc2246.txt
http://www.ietf.org/rfc/rfc3546.txt
http://tools.ietf.org/html/rfc6347
http://tools.ietf.org/html/rfc6083
https://tools.ietf.org/html/rfc6520
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1255.pdf
http://cacr.uwaterloo.ca/hac/
https://www.peereboom.us/assl/assl/html/openssl.html
https://www.owasp.org/index.php/Guide_to_Cryptography
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
https://www.ssllabs.com/
https://www.howsmyssl.com/
https://we.riseup.net/riseuplabs+paow/openpgp-best-practices#openpgp-key-checks
http://www.secureconsulting.net/2008/03/the_key_management_lifecycle_1.html
questions?
thank you!